<?php
  $name = $_POST['name'];
  $password = $_POST['password'];
	
	   
  if(!isset($_POST['name'])&&!isset($_POST['password']))
  {
    //Visitor needs to enter a name and password
?>
    <h3>Log In</h3>
    You need to <A HREF="sign_up.html">register</A> or login.
    <form method="post" action="login.php">
    <table border="1">
    <tr>
      <th> *Username </th>
      <td> <input type="text" name="name"> </td>
    </tr>
    <tr>
      <th> *Password </th>
      <td> <input type="password" name="password"> </td>
    </tr>
    <tr>
      <td colspan="2" align="center">
        <input type="submit" value="Log In">
      </td>
    </tr>
    </table>
    </form>
<?php
  }
  else
  {
    include 'dbconnect.php';	// script to connect to the database

	// query the database to see if login name exists
	$query = "select count(*) from AllUsers where
              LoginID = '$name' and
              UserPassword = '$password'";
	  
	$result = mysqli_query( $mysql, $query );
	if(!$result)
	{
		echo 'Error: incorrect login or password.';
		exit;
	}
	$row = mysqli_fetch_row( $result );
	$count = $row[0];
    
	  
	$isDealer = true;
	
	// Check and see if they exist in dealer table
	$dealerQuery = "select count(*) from Dealer where 
		NonAdmins_AllUsers_LoginID = '$name'";
	$dresult = mysqli_query( $mysql, $dealerQuery );
	$row = mysqli_fetch_row( $dresult );
	
	// if not dealer check the registered user table
	if($row[0] <= 0 )
	{
		$ruQuery = "select count(*) from RegisteredUser where
			NonAdmins_AllUsers_LoginID = '$name'";
		
		$rresult = mysqli_query( $mysql, $ruQuery );
		$row = mysqli_fetch_row( $rresult );
		if( $row[0] > 0 )
		{
			$isDealer = false;
		}
	}

	if( $count > 0 && !$isDealer )  // is registered user
	{ echo '<form action ="search.php" method="POST">
			<p>Select search criteria</p>
			<p>If specifying a price range, place the lower value in the top box</p>
			<p>If searching by make and model, make goes in the top box, model in the bottom.</p>
			<br><input type="text" name="search1">
			<br><input type="text" name="search2">
			<select name="searchopt">
				<option value="makemodel">Make and Model</option>
				<option value="year">Year</option>
				<option value="range">Price Range</option>
			</select>
			<p>Order by:</p>
			<select name="sortopt">
				<option value="Make">Make</option>
				<option value="NonAdmins_AllUsers_LoginID">ID</option>
				<option value="Price">Price</option>
			</select>
			<input type="submit" value="Search">
			</form>
	';
	
	
		echo '<form action = "edit.php" method="POST">';
		echo '<hr>';
		echo '<p> Edit your user profile </p>';
		echo '<input type="hidden" name="user_name" value='.$name.'>';
		echo '<input type="submit" name="act_edit" value="edit" />';
		echo '<hr>';
		echo '</form>';
		
		$existsQuery = "select count(*) from Bookmark where
		RegisteredUser_NonAdmins_AllUsers_LoginID = '$name'";
		
		
		$result = mysqli_query( $mysql, $existsQuery );
		if(!$result)
			exit;
		
		$row = mysqli_fetch_row( $result );
		$bcount = $row[0];	
		
		echo '</br><p> You have '.$bcount.' bookmarked vehicle announcements.</p></br>';
		echo '<form enctype="multipart/form-data" action="bookmark.php" method="POST">
		<input type="submit" value="view bookmarks" name="act_bookmark_view">
		<input type="hidden" name="user_name" value="'.$name.'">
		</form>';
		echo '<hr>';
		
	}
    if ( $count > 0 )
    {
		echo '<hr>';
		echo '<p>Notifications</p>';
		
		$countQuery = "select count(*) from Notification join VehicleForSale on 
		VehicleForSale_VehicleForSaleID = VehicleForSaleID AND
		NonAdmins_AllUsers_LoginID = '$name'";
		
		
		$result = mysqli_query( $mysql, $countQuery );
		if(!$result)
			exit;
		
		$row = mysqli_fetch_row( $result );
		$ncount = $row[0];
		
		echo'<p> You have '.$ncount.' notifications from buyers. </p>';
		echo '<form enctype="multipart/form-data" action="notify.php" method="POST">
		<input type="submit" value="view notifications" name="act_view">
		<input type="hidden" name="user_name" value="'.$name.'">
		</form>';
		echo '<hr>';
		
      // visitor's name and password combination are correct
     echo '<h1>Post a vehicle announcement, view your postings, or view your announcements</h1>';

      //The hidden input type below allows authors to include form data without having it rendered to the user. 
      //This is particularly useful in form applications that span several HTML documents; user input can be carried 
      //from form to form by hidden INPUTs      
      echo '<form enctype="multipart/form-data" action="upload.php" method="POST">
			Please choose an image file: <input name="uploaded" type="file" /><br />
			
			Make:<br \>
			<input type="text" name="make"><br />
			
			Model:<br \>
			<input type="text" name="model"><br />
			
			Year:<br \>
			<input type="text" name="year"><br />
			
			Price:<br \>
			<input type="text" name="price"><br />
			
			Mileage:<br \>
			<input type="text" name="mileage"><br />
			
			Color:<br \>
			<input type="text" name="color"><br />
			
			Engine:<br \>
			<input type="text" name="engine"><br />
			
			Drive train:<br \>
			<input type="text" name="drivetrain"><br />
			
			Number of doors:<br \>
			<input type="text" name="doors"><br />
			
			VIN:<br \>
			<input type="text" name="vin"><br />
			
			Description:<br \>
			<input type="text" name="desc"><br />
			
			<input type="hidden" name="user_name" value='.$name.' />
			<input type="hidden" name="isDealer" value='.$isDealer.'/>
			<br \>
			<input type="submit" name="act_upload" value="upload" /> 
			<input type="submit" name="act_view" value="view" />
		</form>';
		
		echo '<p><a href=login.php>Log out</a>';
		
		
    }
	
	if( $count > 0 && !$isDealer )  // is registered user
	{
		echo '<hr>';
		echo '<form enctype="multipart/form-data" action="edit.php" method="POST">
			  <input type="hidden" name="user_name" value='.$name.' />
			  <input type="hidden" name="isDealer" value='.$isDealer.'/>';
		echo '<p> Edit your user profile </p>';
		echo '<input type="submit" name="act_edit" value="edit" />';
		echo '</form>';
	}
	

    else
    {
      // visitor's name and password combination are not correct
      echo '<h1>Login Error!</h1>';
      echo 'You are not authorized to view this page.<br>';
      echo '<br><a href=login.php>Back to login</a><br>';
    }
    
    /* close connection */
    mysqli_close($mysql);
  }
?>


